Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1167

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-1167
Last Modified 05 Sep 2008 04:36:13
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-1167

Summary

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

Vulnerable Systems

Application

  • Gernot Stocker Kpopup 0.9.1

  • Gernot Stocker Kpopup 0.9.5 Pre2


References

BID - 8915

OSVDB - 2742

SECUNIA - 10105

XF - kpopup-systemcall-execute-code(13540)

BUGTRAQ - 20031028 Local root vuln in kpopup


Last Updated: 27 May 2016 10:38:16